New zero-day Joomla exploit in the wild

A new SQL injection exploit targeting the Joomla CMS has been published. The Red Security TEAM has made the exploit available. It allows an attacker to obtain the database name, list all table names, and retrieve the database users' logins and passwords.

The vulnerability exists in the discussion component of Joomla (com_discussions), which exists by default in any CMS, but which the webmaster may activate to enable discussions on the website.

As this is a zero-day, there is still no update or patch for this vulnerability. As a workaround, it is recommended to modify the source code of the page "index.php" to examine the URL parameter "catid" in the #__contact_details table before it is used in SQL queries.
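
One way to apply that workaround, as an added example that is not Joomla or com_discussions code: a strict check on "catid" that runs at the top of index.php, before the request reaches any component. It assumes "catid" is a positive integer category id; the function names `validate_catid` and `sanitize_catid` are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: not Joomla or com_discussions code.
// Assumption: "catid" is a positive integer category id.

/** Return catid as an int when it is a plain positive decimal integer, else null. */
function validate_catid($raw): ?int
{
    // Arrays (catid[]=1) and other non-scalar values are never valid ids.
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    // No hex/octal flags: only decimal digits within the given range pass.
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 2147483647],
    ]);
    return $id === false ? null : $id;
}

/** Replace catid in one request array with its typed value; false if it is invalid. */
function sanitize_catid(array &$params): bool
{
    if (!array_key_exists('catid', $params)) {
        return true; // parameter absent: nothing to check
    }
    $id = validate_catid($params['catid']);
    if ($id === null) {
        return false;
    }
    $params['catid'] = $id; // later code only ever sees an integer
    return true;
}

if (PHP_SAPI !== 'cli') {
    // Web request: reject before the CMS dispatches to any component.
    if (!sanitize_catid($_GET) || !sanitize_catid($_POST) || !sanitize_catid($_REQUEST)) {
        http_response_code(400);
        exit('Invalid catid');
    }
} else {
    // Command line: show the decision for a few constructed sample values.
    $samples = ['7', '7abc', '0', '-3', '0x07', ['7'], '99999999999'];
    foreach ($samples as $sample) {
        printf("%-16s => %s\n", json_encode($sample), var_export(validate_catid($sample), true));
    }
}
```

Because the check rewrites the request arrays with the typed integer, any query built later from "catid" receives a number rather than attacker-controlled text.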